How many people are using https://github.com/lnbits/nostr-signing-device#nostr-signing-device out of curiosity? I imagine I’m one of a small group currently managing my own keys on a hardware device to sign my nostr events. AMA and let’s get more people managing their own keys in a better way. #AMA


Discussion

I have gone as far as ⭐ it.

Do you have an ESP32 or a LilyGo T-Display?

I ordered a bunch of LNBits gear, one being the nostr signing device kit! Can’t wait!

That’s awesome. Let me know what questions you have when you go to set it up. I’m familiar with the flow and major gotchas with the current version.

Will do! Thanks for volunteering to help!

I will be as soon as my node is done tomorrow!

So I have to approve every note from the Lilygo device, similar to a bitcoin spend? And I would need to carry the device with me for mobile use? Seems like a massive PITA.

Imo, it's only useful for high visibility accounts where loss of the private key would be devastating. Or maybe I don't fully understand?

In the current version it works as a “blind signer” so to speak. I need the device plugged in with Chrome and a NIP-07 extension such as Horse. Certain clients that support NIP-07 authentication will call out via USB over the Horse extension for signing requests. I actually like that I can plug in the device and use nostr as normal but know that my private key is stored on the device passing back and forth signed events and shared secrets.

The things currently missing that I’m sure are coming:

- Locking/unlocking

- Better key encryption

- Individual event signing

- Preview of event on hardware display

The user experience of just needing a device plugged in (the ‘something you have’ in security) is actually nice with the trade-off in security and event signing. I would love to see a toggle for the user to customize their own experience depending on their security posture and what the key is associated with.

Thanks for the reply. I agree, there's definitely peace of mind with a physical device.

For a similar experience with a little less security, something like the Alby extension works well. It can prompt you every time it needs access to your private (or public) key, and it shows you a preview of the json that will be signed.
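An added example, not part of the thread and not code from the nostr-signing-device project: a sketch of the check that separates a "blind signer" from one that previews events, as raised in the two replies above. It assumes the signer receives the whole event rather than only a hash; `review_request`, the `auto_kinds` policy and the sample values are hypothetical, while the id computation follows NIP-01.

```python
import hashlib
import json


def serialize_event(ev):
    # NIP-01 canonical form: compact JSON array, UTF-8, no extra whitespace.
    return json.dumps(
        [0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]],
        separators=(",", ":"),
        ensure_ascii=False,
    )


def event_id(ev):
    # The event id (the value that actually gets signed) is SHA-256 of that form.
    return hashlib.sha256(serialize_event(ev).encode("utf-8")).hexdigest()


def review_request(ev, claimed_id, own_pubkey, auto_kinds=frozenset({1})):
    """Decide what a previewing signer does with a request.

    Returns (decision, text) where decision is 'reject', 'confirm' or 'sign'.
    auto_kinds is a hypothetical per-user policy: kinds signed without a
    button press (here only kind 1, short text notes).
    """
    if ev["pubkey"] != own_pubkey:
        return "reject", "event is for a different key"
    # Recompute the id locally so the host cannot show one event and
    # submit the hash of another.
    if event_id(ev) != claimed_id.lower():
        return "reject", "id does not match the event shown"
    preview = "kind {} | {} tag(s) | {}".format(
        ev["kind"], len(ev["tags"]), ev["content"][:80]
    )
    if ev["kind"] not in auto_kinds:
        return "confirm", preview  # show on the display, wait for approval
    return "sign", preview


# Constructed sample values, not real keys or events.
OWN_PUBKEY = "ab" * 32
SAMPLE = {
    "pubkey": OWN_PUBKEY,
    "created_at": 1700000000,
    "kind": 1,
    "tags": [],
    "content": "hello nostr",
}
```

Widening or emptying `auto_kinds` is one way to express the per-user toggle mentioned above: an empty set means every event waits for approval on the device.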

I’ve used Alby and nos2x prior and like what they do. Based on who I am though I prefer to manage my keys totally offline. The hardware experience still has a bit to go, but I love seeing the foundational work to get there. It’s not for all users, but then again security is never one size fits all and there are always trade-offs.

Well said. Good luck, I look forward to seeing how this develops.